PHP 'ext/soap/php_xml.c' Multiple Arbitrary File Disclosure Vulnerabilities
PHP is prone to multiple arbitrary file-disclosure vulnerabilities because the application fails to sanitize user-supplied input.
An authenticated attacker can exploit these vulnerabilities to view arbitrary files within the context of the affected application. Other attacks are also possible.
Note: These issues were previously covered in BID 58224 (PHP Arbitrary File Disclosure and Arbitrary File Write Vulnerabilities), but have been separated into their own record to better document them.
Versions prior to PHP 5.3.22 and 5.4.12 are vulnerable.